<!DOCTYPE html>
<html>

  <head>
    <meta charset='utf-8' />
    <meta http-equiv="X-UA-Compatible" content="chrome=1" />
    <meta name="description" content="CAS - Single Sign-On for the Web" />
    
    
    <link rel="stylesheet" type="text/css" media="screen"
          href="../../stylesheets/v40x-stylesheet.css">
    <link rel="stylesheet" type="text/css" media="print"
          href="../../stylesheets/print.css">
    <title>CAS - OAuth Protocol</title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
    <script src="../../javascripts/URI.js"></script>
    <script src="../../javascripts/v40x-main.js"></script>
  </head>

  <body>
    <!-- HEADER -->
    <div id="header_wrap" class="outer">
        <header class="inner">
          <a id="forkme_banner" href="https://github.com/Jasig/cas">View on GitHub</a>
          <div id="project_title">
            <a class="undecorated" href="../../index.html">
              <img class="undecorated" src="../../images/cas_logo.png"/>
            </a>
          </div>
          <h2 id="project_tagline">Single Sign-On for the Web</h2>
        </header>
    </div>

    <!-- NAVBAR -->    
    <div id="navbar_wrap" class="outer">
      <header id="navbar_content" class="inner">
        <div class="navlink">
  <a href="../../index.html">Home</a>
</div>
<div class="navlink">
  <a href="https://github.com/Jasig/cas/releases">Downloads</a>
</div>
<div class="navlink">
  <a href="https://www.google.com/cse/publicurl?cx=017040929083740828958:sqr2hwvrxmg">Search</a>
</div>
<div class="navlink">
  <a href="../../Support.html">Support</a>
</div>
<div class="navlink">
  <a href="../../Mailing-Lists.html">Mailing Lists</a>
</div>
<div class="navlink">
  <a href="../../Older-Versions.html">Older Versions</a>
</div>

        </header>
    </div>

      <!-- SIDEBAR -->
      <div id="sidebar_wrap" class="outer">
        <header id="sidebar_content" class="inner">
          <span id="sidebartoc"></span>
        </header >
      </div>
      
      <!-- PAGE TABLE OF CONTENTS -->
      <div id="table_contents" class="outer">
        <header id="sidebar_content" class="inner">
          <span id="tableOfContents"></span>
        </header>
      </div>
      
      <!-- MAIN CONTENT -->
      <div id="main_content_wrap" class="outer">
        <section id="main_content" class="inner">
          <h1 id="oauth-protocol">OAuth Protocol</h1>
<p>You can configure the CAS server with:</p>

<ul>
  <li><a href="../integration/Delegate-Authentication.html">OAuth client support</a>, which means authentication can be delegated through a link on the login page to a CAS, OpenID or OAuth provider. </li>
  <li><a href="../installation/OAuth-OpenId-Authentication.html">OAuthn server support</a>, which means you will be able to communicate with your CAS server through the <a href="http://oauth.net/2/">OAuth 2.0 protocol</a>, using the <em>Authorization Code</em> grant type.</li>
</ul>

<h1 id="cas-oauth-server-support">CAS OAuth Server Support</h1>
<p>Three new urls will be available:</p>

<ul>
  <li>
    <p><strong>/oauth2.0/authorize</strong><br />
It’s the url to call to authorize the user: the CAS login page will be displayed and the user will authenticate. After successful authentication, the user will be redirected to the OAuth <em>callback url</em> with a code. Input GET parameters required: <em>client_id</em> and <em>redirect_uri</em>.</p>
  </li>
  <li>
    <p><strong>/oauth2.0/accessToken</strong><br />
It’s the url to call to exchange the code for an access token. Input GET parameters required: <em>client_id</em>, <em>redirect_uri</em>, <em>client_secret</em> and <em>code</em>.</p>
  </li>
  <li>
    <p><strong>/oauth2.0/profile</strong><br />
It’s the url to call to get the profile of the authorized user. Input GET parameter required: <em>access_token</em>. The response is in JSON format with all attributes of the user.</p>
  </li>
</ul>

<h1 id="delegate-to-an-oauth-provider">Delegate to an OAuth Provider</h1>

<p>Using the OAuth protocol, the CAS server can also be configured to <a href="../integration/Delegate-Authentication.html">delegate the authentication</a> to an OAuth provider (like Facebook, Twitter, Google, Yahoo…)</p>


        </section>
      </div>

    <!-- FOOTER  -->
    <div id="footer_wrap" class="outer">
      <footer class="inner">
        <p>CAS is supported by the <a href="http://www.apereo.org/">Apereo Foundation</a>.</p>
      </footer>
    </div>
  </body>
</html>
